If you pay attention to data breaches in the news, you may notice that healthcare entities are attacked often, and the incidents often affect hundreds of thousands, to millions, of patients.

The HIPAA Journal examined the amount of healthcare data breaches that took place between April 2022 and March 2023. It recorded six months where more than five million patients were impacted by a healthcare data breach. The peak came in July 2022, where more than eight million patients were affected by a healthcare data breach.

Healthcare entities are popular targets for cybercriminals, as they hold a large amount of sensitive personal information.

In this week’s installment of the BlackCloak Thursday Threat Update, we’ll take a look at two healthcare data breaches where millions of patients had their data compromised.


PharMerica breach affects more than 5.8 million patients

What we know: Pharmacy services provider PharMerica experienced a data breach affecting more than 5.8 million patients. The data breach took place from March 12-13, and was discovered the following day. Compromised information included patients’ names, addresses, dates of birth, Social Security numbers and other medical information. The ransomware group behind the attack leaked the stolen data on their own website and on hacking forums.

Recommendations: Given the sensitive nature of the information leaked, and the fact that data has been leaked, it’s important for any PharMerica customers to take action as soon as possible. Place a credit freeze and fraud alerts on your accounts as soon as you can. Pharmetica is offering one year of free credit monitoring through Experian, and it is highly recommended any individuals sign up.


More than a million patients impacted by Apria Healthcare breach

What we know: Apria Healthcare disclosed it suffered a data breach on two separate occasions impacting more than 1.8 million patients. Unauthorized individuals were able to access patient data from April 5, 2019 to May 7, 2019 and from August 27, 2021 to October 10, 2021. Compromised information included patients’ names, Social Security numbers and financial information that included bank and credit card numbers, security codes, access codes, passwords and PINs.

Recommendations: Similar to anyone affected by the PharMerica breach, place a credit freeze and fraud alert on your accounts at the earliest moment possible. In its data breach notification letter, Apria is offering one year of identity monitoring services through Kroll. Be sure to also change any password and PINs tied to financial accounts you may have used with Apria Healthcare. You may also need to cancel any payment card information you’ve used with the healthcare organization as an abundance of caution. In its statement on the breach, Apria said anyone can call with questions about the breach at 866-347-6672, Monday through Friday from 8:00AM to 5:30PM CST.


Learn the how and why around cyberattacks

Cyberattacks can come in all different shapes and sizes, and while they may seem scary, learning about them can teach you how to protect yourself and your loved ones from becoming victims.

Learn how cybercriminals continue to find success with wire fraud schemes, and how executive cybersecurity can offer protection from ransomware threats.